@growth-labs/mailer 0.2.1 → 0.3.0

package/src/utils/webhook-signature.ts

@@ -0,0 +1,91 @@
+import type { ResolvedMailerOptions } from '../options.js'
+
+type WebhookSignatureOptions = ResolvedMailerOptions['webhookSignature']
+
+export async function verifyWebhookSignature(
+	options: WebhookSignatureOptions,
+	request: Request,
+	body: string,
+	nowMs: number = Date.now(),
+): Promise<boolean> {
+	if (!options.enabled) return true
+
+	const timestamp = request.headers.get(options.timestampHeader)
+	const signatureHeader = request.headers.get(options.header)
+	if (!timestamp || !signatureHeader) return false
+
+	if (!timestampWithinTolerance(timestamp, options.toleranceSeconds, nowMs)) return false
+
+	const signature = signatureFromHeader(signatureHeader)
+	if (!signature) return false
+
+	const key = await importWebhookKey(options.secret)
+	const signedBody = `${timestamp}.${body}`
+	return crypto.subtle.verify(
+		'HMAC',
+		key,
+		fromBase64Url(signature),
+		new TextEncoder().encode(signedBody),
+	)
+}
+
+export async function signWebhookPayload(
+	secret: string,
+	timestamp: string,
+	body: string,
+): Promise<string> {
+	const key = await importWebhookKey(secret)
+	const signature = await crypto.subtle.sign(
+		'HMAC',
+		key,
+		new TextEncoder().encode(`${timestamp}.${body}`),
+	)
+	return toBase64Url(signature)
+}
+
+function timestampWithinTolerance(
+	timestamp: string,
+	toleranceSeconds: number,
+	nowMs: number,
+): boolean {
+	if (toleranceSeconds === 0) return true
+	const parsed = Number(timestamp)
+	if (!Number.isFinite(parsed)) return false
+	const timestampMs = parsed > 1_000_000_000_000 ? parsed : parsed * 1000
+	return Math.abs(nowMs - timestampMs) <= toleranceSeconds * 1000
+}
+
+function signatureFromHeader(header: string): string | null {
+	const parts = header.split(',').map((part) => part.trim())
+	for (const part of parts) {
+		if (part.startsWith('v1=')) return part.slice(3)
+	}
+	return parts[0] || null
+}
+
+async function importWebhookKey(secret: string): Promise<CryptoKey> {
+	return crypto.subtle.importKey(
+		'raw',
+		new TextEncoder().encode(secret),
+		{ name: 'HMAC', hash: 'SHA-256' },
+		false,
+		['sign', 'verify'],
+	)
+}
+
+function fromBase64Url(value: string): Uint8Array<ArrayBuffer> {
+	const padded = value
+		.replace(/-/g, '+')
+		.replace(/_/g, '/')
+		.padEnd(Math.ceil(value.length / 4) * 4, '=')
+	const binary = atob(padded)
+	const bytes = new Uint8Array(new ArrayBuffer(binary.length))
+	for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i)
+	return bytes
+}
+
+function toBase64Url(bytes: ArrayBuffer): string {
+	let binary = ''
+	for (const byte of new Uint8Array(bytes)) binary += String.fromCharCode(byte)
+	return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
+}

package/src/virtual.d.ts

@@ -15,6 +15,20 @@ declare module 'virtual:growth-labs/mailer/config' {
 		unsubscribePath: string
 		preferencesPath: string
 		webhookPath: string
+		webhookSignature:
+			| {
+					enabled: false
+					header: string
+					timestampHeader: string
+					toleranceSeconds: number
+			  }
+			| {
+					enabled: true
+					secret: string
+					header: string
+					timestampHeader: string
+					toleranceSeconds: number
+			  }
 		trackOpenPath: string
 		trackClickPath: string
 		siteUrl: string